From owner-svn-ports-all@FreeBSD.ORG Wed Sep 19 03:46:37 2012 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 015401065674; Wed, 19 Sep 2012 03:46:37 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id DEBF88FC08; Wed, 19 Sep 2012 03:46:36 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q8J3kajv019176; Wed, 19 Sep 2012 03:46:36 GMT (envelope-from dougb@svn.freebsd.org) Received: (from dougb@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q8J3kaeJ019165; Wed, 19 Sep 2012 03:46:36 GMT (envelope-from dougb@svn.freebsd.org) Message-Id: <201209190346.q8J3kaeJ019165@svn.freebsd.org> From: Doug Barton Date: Wed, 19 Sep 2012 03:46:36 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r304476 - in head: dns/bind96 dns/bind97 dns/bind98 dns/bind99 security/vuxml X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Sep 2012 03:46:37 -0000 Author: dougb Date: Wed Sep 19 03:46:35 2012 New Revision: 304476 URL: http://svn.freebsd.org/changeset/ports/304476 Log: Upgrade to the latest BIND patch level: Prevents a crash when queried for a record whose RDATA exceeds 65535 bytes. Prevents a crash when validating caused by using "Bad cache" data before it has been initialized. ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. For more information: https://kb.isc.org/article/AA-00788 Modified: head/dns/bind96/Makefile head/dns/bind96/distinfo head/dns/bind97/Makefile head/dns/bind97/distinfo head/dns/bind98/Makefile head/dns/bind98/distinfo head/dns/bind99/Makefile head/dns/bind99/distinfo head/security/vuxml/vuln.xml Modified: head/dns/bind96/Makefile ============================================================================== --- head/dns/bind96/Makefile Tue Sep 18 23:57:11 2012 (r304475) +++ head/dns/bind96/Makefile Wed Sep 19 03:46:35 2012 (r304476) @@ -1,9 +1,4 @@ -# New ports collection makefile for: BIND 9.6.x -# Date created: 3 January 2009 -# Whom: dougb -# # $FreeBSD$ -# # I stay very aware of developments with BIND in general, and with # BIND 9 in particular. I frequently delay updating this port from @@ -12,7 +7,7 @@ # release you can generally build it cleanly from the source - Doug PORTNAME= bind96 -PORTVERSION= 9.6.3.1.ESV.R7.2 +PORTVERSION= 9.6.3.1.ESV.R7.3 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -21,10 +16,10 @@ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${ EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= dougb@FreeBSD.org -COMMENT= The BIND DNS suite with updated DNSSEC and threads +COMMENT= BIND DNS suite with updated DNSSEC and threads # ISC releases things like 9.4.0b3, which our versioning doesn't like -ISCVERSION= 9.6-ESV-R7-P2 +ISCVERSION= 9.6-ESV-R7-P3 MAKE_JOBS_UNSAFE= yes @@ -199,7 +194,9 @@ post-patch: ${WRKSRC}/bin/${FILE}.Dist > ${WRKSRC}/bin/${FILE} .endfor +.if !defined(NOPORTDOCS) PORTDOCS= * +.endif PKGMESSAGE= ${.CURDIR}/../bind97/pkg-message PKGINSTALL= ${.CURDIR}/../bind97/pkg-install post-install: Modified: head/dns/bind96/distinfo ============================================================================== --- head/dns/bind96/distinfo Tue Sep 18 23:57:11 2012 (r304475) +++ head/dns/bind96/distinfo Wed Sep 19 03:46:35 2012 (r304476) @@ -1,4 +1,4 @@ -SHA256 (bind-9.6-ESV-R7-P2.tar.gz) = 5dd1f751983f9658d34d1b31e384643554a94f79e1f3ee551d9af72a0550cf93 -SIZE (bind-9.6-ESV-R7-P2.tar.gz) = 6415767 -SHA256 (bind-9.6-ESV-R7-P2.tar.gz.asc) = 78d5afb1d87d51e5c6dedd92adcfceda02b371282f438f54cb1878d137f7a385 -SIZE (bind-9.6-ESV-R7-P2.tar.gz.asc) = 490 +SHA256 (bind-9.6-ESV-R7-P3.tar.gz) = c3ca6ab6c162689ec9662d822b255c3a99c076d968bc059b4ae11f1d4c35edae +SIZE (bind-9.6-ESV-R7-P3.tar.gz) = 6411767 +SHA256 (bind-9.6-ESV-R7-P3.tar.gz.asc) = 1a9cf3ba23a769d6a2e38a881ab9f714a2203104db88312ef9f931269af0da3d +SIZE (bind-9.6-ESV-R7-P3.tar.gz.asc) = 490 Modified: head/dns/bind97/Makefile ============================================================================== --- head/dns/bind97/Makefile Tue Sep 18 23:57:11 2012 (r304475) +++ head/dns/bind97/Makefile Wed Sep 19 03:46:35 2012 (r304476) @@ -1,12 +1,7 @@ -# New ports collection makefile for: BIND 9.7.x -# Date created: 13 December 2009 -# Whom: dougb -# # $FreeBSD$ -# PORTNAME?= bind97 -PORTVERSION= 9.7.6.2 +PORTVERSION= 9.7.6.3 PORTREVISION?= 0 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} @@ -16,10 +11,10 @@ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${ EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= dougb@FreeBSD.org -COMMENT?= The BIND DNS suite with updated DNSSEC and threads +COMMENT?= BIND DNS suite with updated DNSSEC and threads # ISC releases things like 9.4.0b3, which our versioning doesn't like -ISCVERSION= 9.7.6-P2 +ISCVERSION= 9.7.6-P3 MAKE_JOBS_UNSAFE= yes @@ -210,8 +205,9 @@ post-patch: ${WRKSRC}/bin/named/Makefile.in.Dist > \ ${WRKSRC}/bin/named/Makefile.in +.if !defined(NOPORTDOCS) PORTDOCS= * - +.endif post-install: ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ ${BIND_DESTETC}/rndc.conf.sample Modified: head/dns/bind97/distinfo ============================================================================== --- head/dns/bind97/distinfo Tue Sep 18 23:57:11 2012 (r304475) +++ head/dns/bind97/distinfo Wed Sep 19 03:46:35 2012 (r304476) @@ -1,4 +1,4 @@ -SHA256 (bind-9.7.6-P2.tar.gz) = f1ff8b778c6569198a88994dfdbfb6fb453648227c28656e65aee357a993b07d -SIZE (bind-9.7.6-P2.tar.gz) = 6979194 -SHA256 (bind-9.7.6-P2.tar.gz.asc) = ad5ee83dfe27684c9af4c949bfdb4c4f2b72f37ab833c08b633baeb4ba707007 -SIZE (bind-9.7.6-P2.tar.gz.asc) = 490 +SHA256 (bind-9.7.6-P3.tar.gz) = 5d5ad5b168fb9231185e363b7d8c391e4b7b801eef269415f273e5e4591ba277 +SIZE (bind-9.7.6-P3.tar.gz) = 6971503 +SHA256 (bind-9.7.6-P3.tar.gz.asc) = 6b388305b98b0b46a4629333b15513a406779bbf70aeccc7be6b74aa1d5fe61c +SIZE (bind-9.7.6-P3.tar.gz.asc) = 490 Modified: head/dns/bind98/Makefile ============================================================================== --- head/dns/bind98/Makefile Tue Sep 18 23:57:11 2012 (r304475) +++ head/dns/bind98/Makefile Wed Sep 19 03:46:35 2012 (r304476) @@ -1,9 +1,4 @@ -# New ports collection makefile for: BIND 9.8.x -# Date created: 10 December 2010 -# Whom: dougb -# # $FreeBSD$ -# # I stay very aware of developments with BIND in general, and with # BIND 9 in particular. I frequently delay updating this port from @@ -12,7 +7,7 @@ # release you can generally build it cleanly from the source - Doug PORTNAME= bind98 -PORTVERSION= 9.8.3.2 +PORTVERSION= 9.8.3.3 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -21,10 +16,10 @@ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${ EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= dougb@FreeBSD.org -COMMENT= The BIND DNS suite with updated DNSSEC and DNS64 +COMMENT= BIND DNS suite with updated DNSSEC and DNS64 # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.8.3-P2 +ISCVERSION= 9.8.3-P3 MAKE_JOBS_UNSAFE= yes @@ -209,7 +204,9 @@ post-patch: ${WRKSRC}/bin/named/Makefile.in.Dist > \ ${WRKSRC}/bin/named/Makefile.in +.if !defined(NOPORTDOCS) PORTDOCS= * +.endif PKGMESSAGE= ${.CURDIR}/../bind97/pkg-message PKGINSTALL= ${.CURDIR}/../bind97/pkg-install post-install: Modified: head/dns/bind98/distinfo ============================================================================== --- head/dns/bind98/distinfo Tue Sep 18 23:57:11 2012 (r304475) +++ head/dns/bind98/distinfo Wed Sep 19 03:46:35 2012 (r304476) @@ -1,4 +1,4 @@ -SHA256 (bind-9.8.3-P2.tar.gz) = b95d2e81b54ba972215c7fd52744fbe4711bd3fd6f217845ba95114d82c43588 -SIZE (bind-9.8.3-P2.tar.gz) = 7113192 -SHA256 (bind-9.8.3-P2.tar.gz.asc) = fe9e34fcd701ab312025665e825f2f840fae7067f6c6f361af4712bb22fcdb80 -SIZE (bind-9.8.3-P2.tar.gz.asc) = 490 +SHA256 (bind-9.8.3-P3.tar.gz) = 2819fc75f686bd0d393e04873f69982e0462a5604bfd2e207396b86334200cd3 +SIZE (bind-9.8.3-P3.tar.gz) = 7109848 +SHA256 (bind-9.8.3-P3.tar.gz.asc) = a7ae019d9ededba3e50fb889eb0096dc0d53117996d20420750776bb176805c2 +SIZE (bind-9.8.3-P3.tar.gz.asc) = 490 Modified: head/dns/bind99/Makefile ============================================================================== --- head/dns/bind99/Makefile Tue Sep 18 23:57:11 2012 (r304475) +++ head/dns/bind99/Makefile Wed Sep 19 03:46:35 2012 (r304476) @@ -1,7 +1,3 @@ -# New ports collection makefile for: BIND 9.9.x -# Date created: 27 January 2012 -# Whom: dougb -# # $FreeBSD$ # I stay very aware of developments with BIND in general, and with @@ -11,7 +7,7 @@ # release you can generally build it cleanly from the source - Doug PORTNAME= bind99 -PORTVERSION= 9.9.1.2 +PORTVERSION= 9.9.1.3 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= bind9/${ISCVERSION} @@ -20,10 +16,10 @@ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${ EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= dougb@FreeBSD.org -COMMENT= The BIND DNS suite with updated DNSSEC and DNS64 +COMMENT= BIND DNS suite with updated DNSSEC and DNS64 # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.1-P2 +ISCVERSION= 9.9.1-P3 MAKE_JOBS_UNSAFE= yes @@ -208,7 +204,9 @@ post-patch: ${WRKSRC}/bin/named/Makefile.in.Dist > \ ${WRKSRC}/bin/named/Makefile.in +.if !defined(NOPORTDOCS) PORTDOCS= * +.endif PKGMESSAGE= ${.CURDIR}/../bind97/pkg-message PKGINSTALL= ${.CURDIR}/../bind97/pkg-install post-install: Modified: head/dns/bind99/distinfo ============================================================================== --- head/dns/bind99/distinfo Tue Sep 18 23:57:11 2012 (r304475) +++ head/dns/bind99/distinfo Wed Sep 19 03:46:35 2012 (r304476) @@ -1,4 +1,4 @@ -SHA256 (bind-9.9.1-P2.tar.gz) = a46ecf6177b69d6e9a83a15f792d0594adcc8e800086208dd9b84452afb84d0e -SIZE (bind-9.9.1-P2.tar.gz) = 7223896 -SHA256 (bind-9.9.1-P2.tar.gz.asc) = 0620c92284e6e00209ce47d3cff14161cc19be978762036cef9ec98e500cd8ed -SIZE (bind-9.9.1-P2.tar.gz.asc) = 490 +SHA256 (bind-9.9.1-P3.tar.gz) = 1cdb83db76d6f8554dea19e3bd82b8d65261a24b9ce9fc948eade8c57569e302 +SIZE (bind-9.9.1-P3.tar.gz) = 7217415 +SHA256 (bind-9.9.1-P3.tar.gz.asc) = d3047cc5dfd5f4fe941996f363425ce86856b389fe7de6aad251f0d627e4d145 +SIZE (bind-9.9.1-P3.tar.gz.asc) = 490 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Sep 18 23:57:11 2012 (r304475) +++ head/security/vuxml/vuln.xml Wed Sep 19 03:46:35 2012 (r304476) @@ -51,6 +51,53 @@ Note: Please add new entries to the beg --> + + dns/bind9* -- Several vulnerabilities + + + bind99 + 9.9.1.3 + + + bind98 + 9.8.3.3 + + + bind97 + 9.7.6.3 + + + bind96 + 9.6.3.1.ESV.R7.3 + + + + +

ISC reports:

+
+

Prevents a crash when queried for a record whose RDATA exceeds + 65535 bytes.

+

Prevents a crash when validating caused by using "Bad cache" data + before it has been initialized.

+

ISC_QUEUE handling for recursive clients was updated to address + a race condition that could cause a memory leak. This rarely + occurred with UDP clients, but could be a significant problem + for a server handling a steady rate of TCP queries.

+

A condition has been corrected where improper handling of + zero-length RDATA could cause undesirable behavior, including + termination of the named process.

+
+ + + + + + + 2012-09-12 + 2012-09-18 + + + jenkins -- multiple vulnerabilities